DETAILED ACTION

This is in response to the application filed on December 22, 2004 where Claims 1 - 29,
of which Claims 1, 15, and 26 are in independent form, are presented for
examination.

Priority 

Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which 
papers have been placed of record in the file. 

Claim Objections 

Claims 1, 15, and 26 are objected to because of the following informalities:
grammatical error in line 14; enclose "in real time" in commas or omit the word "in."
Appropriate correction is required.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1 - 7, 11, 15 - 17, 21 - 26, and 28 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over U.S. Patent 6,078,953, invented by Aseem Vaid et al. 
(hereinafter referenced as "Vaid"), in view of U.S. Patent 6,442,588 B1, invented 
by Clark et al. (hereinafter referenced as "Clark"). 

1. Regarding Claims 1, 15, and 26. Vaid discloses a method and system of
monitoring and controlling data transfer between a user terminal coupled to a first
communication network (Abstract; Fig. 1; method and system for controlling traffic and
monitoring such traffic to ensure a quality of service within the communication network)
and a second communication network via a gateway and a firewall (Abstract; Fig. 1;
network includes firewall server and traffic management tool coupled to the firewall
server). The disclosed system and method also simultaneously monitors at the firewall
the transfer of data between the user terminal and the second communication network
(Col. 10, Lines 29-36; continuous traffic management cycle that includes monitoring
phase) and dynamically controls real time bandwidth available to the user terminal (Col.
18, Lines 46-51; real-time monitoring and controlling of traffic). Vaid also discloses that
the traffic management is implemented using rule-based techniques within the firewall 
(Col. 3, Lines 38-40). However, Vaid does not specifically disclose that the user sends 
an access request to the gateway from the user terminal requiring access to the second 
communication network or that the gateway reads the access request and modifies at 
least one access rule in the firewall to permit access for the user terminal requesting 
access based on an authenticated IP address of the user terminal requesting access. 

Clark discloses a method and system of monitoring and controlling data transfer 
between communication networks where the user sends an access request to the 
gateway from the user terminal requiring access to the second communication network 
(Fig. 2; Col. 3, Lines 20-22; user requests access to online services or internet). Clark 
also discloses that the gateway reads the access request and modifies at least one 
access rule in the firewall to permit access for the user terminal requesting access 
based on an authenticated IP address of the user terminal requesting access (Col. 4, 
Lines 29-39; user requested for authentication of ID and password, then IP address is
assigned to user and authenticated to access the services requested). It would be 
obvious to one skilled in the art to apply the authentication process disclosed in Clark to 
the invention disclosed in Vaid. Requiring authentication of each user terminal limits the 
number of unauthorized users that are allowed to communicate and utilize the limited 
bandwidth within the communication system. This allows a communication system to 
better allocate the provided bandwidth and meet certain requirements or quality of 
service policies requested by the user. 

2. Regarding Claims 2, 25, and 28. Vaid, in view of Clark, discloses all the
limitations of Claims 1, 15, and 26 as stated above. Vaid further discloses that the
dynamic control of bandwidth available to the user terminals occurs whilst maintaining 
communication of the user terminal with the second communication network (Col. 17, 
Lines 27-31, 35-38, and 40-48; combination of flow control and queuing is used to 
dynamically change bandwidth varying on the demand requested by the user while 
keeping the user connected). 

3. Regarding Claims 3, 4, 21, and 22. Vaid, in view of Clark, discloses all the
limitations of Claims 1 and 15 above. Vaid further discloses restricting the bandwidth
regardless of when it is allocated to a single user terminal or a plurality of user terminals
(Fig. 1; Col. 3, Lines 21-26, 34-35; single point of access to monitor and control
communication traffic either at one computer terminal or a firewall connected to
multiple users).

4. Regarding Claims 5 and 24. Vaid, in view of Clark, discloses all the limitations of
Claims 1 and 15 above. Vaid further discloses that the bandwidth is restricted for
uploading data and/or downloading data (Col. 12, Lines 59-61).

5. Regarding Claim 6. Vaid, in view of Clark, discloses all the limitations of Claim 1
above. Vaid further discloses that the restricted bandwidth is allocated to one or more 
terminals for a prescribed time period (Col. 10, Lines 37-39; monitor and control 
activities at various times). 

6. Regarding Claim 7. Vaid, in view of Clark, discloses all the limitations of Claim 1
above. Vaid further discloses that a restricted bandwidth is allocated to one or more
terminals on the basis of a priority status allocated to the one or more terminals or a
user account (Col. 10, Lines 44-46, 49-52).

7. Regarding Claims 11 and 23. Vaid, in view of Clark, discloses all the limitations
of Claims 1 and 15 above. Vaid further discloses controlling the access of a user
terminal to the second communication network from a management terminal coupled to 
the first communication network and restricting bandwidth to a user account (Col. 13, 
Lines 1-5, and 32-43; FAIR module controls the bandwidth by parameters such as 
class, session, burst, packet, and others; class examples include IP address, subnet 
mask, destination, etc.). 

8. Regarding Claims 16-18. Vaid, in view of Clark, discloses all the limitations of
Claim 15 above. Vaid further discloses that both the firewall and gateway can be
comprised in a single machine (Fig. 1; Col. 6, Lines 6-8) or in different machines (Fig. 4,
5, and 6; Col. 9, Lines 8-11 and 60-65; tool can be stand-alone at the WAN access point
as a conventional firewall with a separate gateway).

Claims 8 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Vaid, in view of Clark, and in further view of U.S. Patent 6,272,127 B1,
invented by Michael E. Golden (hereinafter referenced as "Golden").

9. Regarding Claims 8 and 19. Vaid, in view of Clark, discloses all the limitations of
Claims 1 and 15 as stated above. Neither Vaid nor Clark, however, specifically 
discloses that the user terminal can be authenticated by the gateway using an 
encryption/decryption process. 

Golden discloses the use of data encryption/decryption to securely transmit and 
receive data within a packet-switched communication system (Col. 15, Lines 32-36 and 
49-56). It would be obvious to one skilled in the art to use the encryption/decryption 
process to authenticate the user terminal that requested access to the second 
communication network. Instead of requesting authentication of a user terminal via user 
ID and password, the system itself can automatically authenticate the user terminal via 
the encryption keys encapsulating the transmitted data. This provides the system the 
ability to authenticate via software and remove the need of authenticating the 
communication terminal through human participation. 

Claims 9, 10, 12 - 14, 20, 27, and 29 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Vaid, in view of Clark, and in further view of U.S. Appl. 
2002/0026503 A1, filed by Samuel Bendinelli et al. (hereinafter referenced as 
"Bendinelli"). 

10. Regarding Claims 9, 10, 20, 27, and 29. Vaid, in view of Clark, discloses all the
limitations of Claims 1, 15, and 26 as stated above. Vaid further discloses that the
traffic monitoring and controlling tool is based on traffic classes, which can be, but are not
limited to, IP addresses, subnet, network, time, protocol, network, etc. (Col. 13, Lines
33-43). Vaid also disclosed that the traffic tool is the single point to manage and control
traffic from one communication network to another (Fig. 1; Col. 3, Lines 21-26). Neither
Vaid nor Clark, however, specifically discloses that all ports of access of one or more
user terminals are monitored or that these ports can be enabled and/or disabled.

Bendinelli discloses the use of additional parameters to filter the packets that are 
allowed to pass through the firewall, which include protocol, ports, and direction (Pg. 22, 
Para. 0243). It would be obvious to one skilled in the art to monitor and control the 
ports of access on a user terminal. Doing so provides additional measures of 
controlling and filtering content, which can be categorized into various traffic classes, to 
collaborate with the traffic policies and traffic rules that maintain and effectively utilize 
the bandwidth available to the communication network. 

11. Regarding Claims 12-14. Vaid, in view of Clark, discloses all the limitations of
Claim 1 as stated above. Neither Vaid nor Clark, however, specifically discloses monitoring the
period of time a user terminal has access to the second communication network, 
quantity of data a user terminal uploads and/or downloads, or the cost to a user having 
access to the second network. 

Bendinelli discloses the monitoring between the gateway and base network 
bandwidth statistics, including quantity of data from each terminal and time intervals of 
user access to the bandwidth (Figs. 42-44; Pg. 32, Para. 0388, 0389, and 0392).
Bendinelli further discloses the method of determining the cost to the user having 
access to the second communication network (Fig. 29; Pg. 34, Para. 0356). It would be 
obvious to one skilled in the art to include such statistics to better monitor the usage in 
various terminals and also by various users. Monitoring both time intervals and quantity 
of bandwidth access allows the system to predict future uses of bandwidth and better 
accommodate for quality of service and user demands on the network bandwidth. 
Additionally, the ability to determine the cost of a user terminal to access the second 
communication network would also be obvious to implement to adjust the priorities of 
various users. Users can pay a higher premium for higher percentages of the 
bandwidth and for higher quality of service requirements for the various services they 
are accessing within the second communication network. 

Additional References 
Additional references that are relevant to the pending application and not cited: 
U.S. Patent 6,771,661 B1 - system and method of programming a 
communication device to automatically and dynamically modify allocation of resources 
upon a specific condition without breaking active sessions of data communications 
using RSVP protocol; 

U.S. Patent 5,896,499 - embedded security processor used in conjunction with a 
main processor to provide security for a computer system and describes host-based 
firewalls; 

U.S. Patent 6,182,226 B1 - system and method of achieving network separation
by defining a plurality of regions and configuring a set of policies for each of the regions; 

U.S. Appl. 2003/0051057 A1 - system and method of controlling access to 
various applications using a firewall which has the ability to authenticate a computer 
system on an individual basis, such as authenticating the IP address, or session basis,
varying by application. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.
The examiner can normally be reached on Monday - Friday (8:00 AM - 5:00 PM).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Frantz Coby, can be reached on (571) 272-4017. The fax phone number for
submitting all Official communications is (703) 872-9306. The fax phone number for
submitting informal communications such as drafts, proposed amendments, etc., may
be faxed directly to the examiner at (571) 270-2979.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at (866) 217-9197 (toll-free). 